Regarding the weakness of fixed menus as access control

IMA2002 Member Posts: 6
I need info on the ways the users could possibly bypass their fixed menus. Many of the users have superuser accounts for various reasons, but I'm a little bit preoccupied that they can bypass the fixed menus and access areas that they should not be able to access.

Comments

  • diptish.naskar Member Posts: 360
    Can you elaborate a bit on this?
    Diptish Naskar
    For any queries you can also visit my blog site: http://msnavarena.blogspot.com/
  • Waldo Member Posts: 3,412
    From the top of my head:

    - Superusers that can enter the navigation pane designer could enable other menus
    - Superusers that can access the object designer can run all forms/tables
    - Superusers can run code coverage and client monitor, so they can see what tables/code/triggers/.... are run
    - Superusers can zoom
    - Superusers can alter reports / design of forms / ... .
    - ...

    Bypassing fixed menus is possible by accessing the Navigation Pane Designer. If you're blocking in the "Partner"-menusuite (which users cannot access with their license) ... you're quite safe.

    Eric Wauters
    MVP - Microsoft Dynamics NAV
    My blog
  • IMA2002 Member Posts: 6
    Thanks a lot Waldo, this is a big help, and diptish.naskar, any info you have is much appreciated.
  • fl Member Posts: 184
    I know that security is a big investment in time. To find out which user must have access to which table is a hell of a job.

    But why do you use a SUPER role for those users? Just create a new role and give them access to tabledata 0, tables 0, forms 0, reports 0, dataports 0, codeunits 0 but not to system 0. Just give them access to those system points they really need. Then you can already now forget almost all the issues that Waldo mentioned.

    If version 4 is used, you can give them access only to the menus they really need.

    Is this a 100% solution? No way. But it's just a start. Yes, users can then still access other data, but they really have to look for it. (Example: in a sales order line, set type = G/L ledger, then you can look up the G/L ledger, but you can see all the G/Ls. You can open the G/L card, see the posts, .... Even if this is not meant for their eyes.) Only Tabledata access can avoid this.
    Francois
    Consultant-Developper

    http://www.CreaChain.com
  • Alex_Chow Member Posts: 5,063
    Super users can just go directly into Object Designer and run the forms.
  • Waldo Member Posts: 3,412
    fl wrote:
    I know that security is a big investment in time.
    Indeed.

    And don't forget that (almost) every customer "expects" it that you set up a proper security model.

    It is a standard topic in our quote.

    Eric Wauters
    MVP - Microsoft Dynamics NAV
    My blog